On Tue, Aug 26, 2003 at 02:13:43PM -0700, Bob Miller wrote: > Cory Petkovsek wrote: > > > For instance, when an ip is blacklisted, spammers change ips. > > However doing this means they are refused by greylisting and have to > > exert more resources to resend mail. > > Serious spammers have many more IPs than mortals can imagine. A > spammer contacted a friend of mine who runs an ISP a couple of weeks > ago, and he wanted to rent "several Class B nets". A Class B network > has 65534 IP addresses. So this spammer wanted more than 100,000 IPs > from one ISP. He's probably spread his "business" across many ISPs, > as well.
Good for them. Then Greylisting is bad for spammers. Did you read the article? Here again is a run down using greylisting and RBLs. RBLs: IP/netblocks that are known sources of spam are black listed and automatically refused at the MTA. Greylisting: IP/netblocks that haven't successfully sent email before are temporarily refused. If the source MTA tries again after a specified delay, then the email is allowed in (to be filtered by other means). This means that in order to send a successful email, they need to do one of the following: 1) stay put on an IP to get through the greylist, but rbls will get them 2) change IPs to avoid the RBLs, but the greylist gets them 3) they need to store and resubmit a delayed email (suggested default was 1 hr) #3 is very expensive for a spammer who sends millions or even tens of thousands of emails a day, and the hope is that it is expensive enough to not make it worth it. Advanced spammers could implement their spam software to get around it without having to store a large amount of data, by saving only a little bitflag per email & email address. However those same advanced spammers are the ones sending the largest volumes of spam. This means, every resubmittal adds up. When more and more people start using grey listing, they start wasting tons of bandwidth as huge portions of their initial run is refused and they have to resubmit. It will certainly cut out most of the amatuers and give the pros a run for their money. Cory -- Cory Petkovsek Adapting Information Adaptable IT Consulting Technology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
